  1. #11
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    590
    Plugin Contributions
    0

    Re: Login restrictions (and possible security problem)

    Originally posted by swguy:
    > OK, just an idea based on your original post, where you asked
    >
    > > when a person with a certain profile logs in, the screen goes directly to the code they need to see and use?
    >
    > What you (probably) have now - most menus turned off, no home page content - is probably intuitive enough that your staff can figure it out.

    I'm sure it is. I just don't want those people to see that there may be more content that they don't have access to. Or get an explicit message that more is present if only they had some other login credentials. But I really like the idea of that being a configuration option as well, because not everyone may feel as strongly about that point as I do. I had an employee who tried to poke around in another employee's computer to see what he could find out about the company. Granted, not being able to see even the home page isn't going to prevent someone from trying that stunt anyway. But it will lessen (I hope) the assumption that someone else might have something more interesting to look at.

    The plugin I'm working on is to assist with order packing, to reduce errors in shipping. The people who are doing that will have no other responsibility in the company and there's no reason for them to have access to anything else (or to see that there is anything else).

  2. #12
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,495
    Plugin Contributions
    88

    Re: Login restrictions (and possible security problem)

    An admin with restricted permissions, i.e. they're not allowed to view orders, customers, sales reports or whos-online will only see menu tabs containing their permitted tools and, on the home page, the current traffic as well as the base statistics ... neither of which I think give away sensitive information.

  3. #13
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    590
    Plugin Contributions
    0

    Re: Login restrictions (and possible security problem)

    Originally posted by lat9:
    > An admin with restricted permissions, i.e. they're not allowed to view orders, customers, sales reports or whos-online will only see menu tabs containing their permitted tools and, on the home page, the current traffic as well as the base statistics ... neither of which I think give away sensitive information.

    True, and if I can't do a different home page for them, or take them directly to their login page, that will not be unacceptable. I'm still trying to get my program registered on the admin side so I can test it, so I've had to put the home page part on the back burner for the moment. I'm not sure what I'm doing wrong there yet, but if I still can't figure it out in another day or so, I'll ask for help with that.

  4. #14
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    9,699
    Plugin Contributions
    123

    Re: Login restrictions (and possible security problem)

    Guidance on adding an admin page:

    https://docs.zen-cart.com/dev/code/creating_menu/
    That Software Guy. My Store: Zen Cart Modifications
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
    Do you benefit from Zen Cart? Then please support the project.

  5. #15
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    590
    Plugin Contributions
    0

    Re: Login restrictions (and possible security problem)

    Originally posted by swguy:
    > Guidance on adding an admin page:
    >
    > https://docs.zen-cart.com/dev/code/creating_menu/

    Yes, that's what I'm using as a guide. I finally figured it out--'TOOLS' was missing from the declaration in ADMIN/includes/language/english/extra_definitions/

    As often happens, I learned a lot more by getting an error message 10 times than by getting it right the first time, lol. Now all I have to do is make the program itself work correctly. And then figure out how to fit it into the new plugin format. One step at a time. Thanks for your help.

  6. #16
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    12,495
    Plugin Contributions
    88

    Re: Login restrictions (and possible security problem)

    ... and if you're also looking to conditionally display the tool's output on the admin home-page, check out /admin/includes/modules/dashboard_widgets/RecentOrdersDashboardWidget.php.

    That widget restricts its home-page display to either super-user admins or those that have permissions to use the Customers :: Orders tool.
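
Added example, not part of the post above and not Zen Cart code: a stand-alone PHP sketch of the pattern this thread discusses, where a home-page widget is shown only to a super-user or to a profile permitted to use the matching tool. Every function, profile and page key in it is hypothetical, and it goes one step further than the thread by also checking the direct page request, so that a forbidden page and a nonexistent page look the same.

```php
<?php
// Added illustration; every name below is hypothetical, not a Zen Cart API.

// Constructed sample data: admin profile => page keys it may open.
const PROFILE_PAGES = [
    'packing' => ['orderPacking'],
    'sales'   => ['orders', 'customers'],
];
// Constructed registry: widget or tool => page key it depends on.
const WIDGETS = ['RecentOrders' => 'orders', 'PackingQueue' => 'orderPacking'];

function mayOpenPage(array $admin, string $pageKey): bool
{
    if (($admin['superuser'] ?? false) === true) {
        return true;
    }
    // Deny by default: unknown profile or unlisted page means no access.
    $allowed = PROFILE_PAGES[$admin['profile'] ?? ''] ?? [];
    return in_array($pageKey, $allowed, true);
}

// Home page: denied widgets are omitted, with no "access denied" placeholder.
function visibleWidgets(array $admin): array
{
    $visible = [];
    foreach (WIDGETS as $name => $requiredPage) {
        if (mayOpenPage($admin, $requiredPage)) {
            $visible[] = $name;
        }
    }
    return $visible;
}

// Direct request: hiding a link is not enforcement, so the page itself checks.
// A forbidden page and a nonexistent page get the same answer.
function handleRequest(array $admin, string $pageKey): array
{
    $exists = in_array($pageKey, array_merge(...array_values(PROFILE_PAGES)), true);
    if (!$exists || !mayOpenPage($admin, $pageKey)) {
        return ['status' => 404, 'body' => 'Page not found'];
    }
    return ['status' => 200, 'body' => "Rendering $pageKey"];
}

$packer = ['profile' => 'packing', 'superuser' => false];
echo implode(',', visibleWidgets($packer)), PHP_EOL;
echo handleRequest($packer, 'orders')['status'], PHP_EOL;
echo handleRequest($packer, 'noSuchPage')['status'], PHP_EOL;
echo handleRequest($packer, 'orderPacking')['status'], PHP_EOL;
```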

  7. #17
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    590
    Plugin Contributions
    0

    Re: Login restrictions (and possible security problem)

    Thanks, I'll do that.

 

 